Nigerian Spam from Microsoft outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@nk.ca
Delivery-date: Sat, 16 Mar 2024 10:42:00 -0600
Received: from mail-he1eur01on2138.outbound.protection.outlook.com ([40.107.13.138]:14065 helo=EUR01-HE1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rlX64-00000000LOX-0PkC
for dave@nk.ca;
Sat, 16 Mar 2024 10:41:32 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=QgUqdnrapwkYJBZuaumS3Ph80KLYAQMp3Ds82Wf4jfLsoKBI00JCdDF4Rw8TGGaBbQmIa8smSOWdQBUgkK2pPqT3/dPaEyG4DIoRrjq69WPpSWkngYOaQB+RLDVB1TgAAGbOvP/p6Dy0IVsGOjPaRkiI/C/LOcyMqGMZLg/+Oy5zcV+lls+Zrg5ww91lCuFCTt7V56K0Q3jY9QdIwR7b0ExuMFkfsekW2F9AFcuVW0yl2rV/9ivnlE8JjFWtEvUi1HKBM7zj6JRZ+eIbmfERUV+QjiMMAirb3FsvpQj4YOoeIPiImh8J6OgaG1rrRuFfdC9J6BxdyQKncgIwTEungg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=0z1Et3hhVohRXtLPQRcHvEruzS6ydj0s9eHlBjyrDt0=;
b=oIFsQnlS7uKH4JBAgcE6sl5rTe362hAKhuKgIAzZ4dDENRo9Ee7h6OkZ6Z721Ap3Xv16cPhBWdhC6NqWpg1FOR5EPv0JthXfJBJw1nX4a4TmwDtQsn90dq8//qcaXNvc3gBw09uW6Ei4ELQnrdEgNAOHuglECOBgzzamFaVsGISfv2W0e0XAToN8pHNe+L3rQv6hTwGyO+6ZWCRYRnY1QsAqvqrYvnD2wQz/ufWGzSs4XY9VdynJYppei0yvDMx+ewI/gVkKbuATsTtXicpA8lzj0x3Q9l7aksU/Yl5vBik593tOdCD/BdIujO4kh2yZwPQ54sqxTgawNJLR7WZDtA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=temperror (sender ip
is 2001:67c:2564:a187::2:73) smtp.rcpttodomain=q.com
smtp.mailfrom=alumni.itc.nl; dmarc=pass (p=quarantine sp=quarantine pct=100)
action=none header.from=alumni.itc.nl; dkim=pass (signature was verified)
header.d=alumni.itc.nl; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alumni.itc.nl;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=0z1Et3hhVohRXtLPQRcHvEruzS6ydj0s9eHlBjyrDt0=;
b=ZdYv5xvZ5Ej+a84Ghj9xeUvQeJ7iAiPZHm99/eVUL2sOg6R4i+pruU2sSNnJ1oA+VY2EETTaj07WRyH5Hb5S464AIguauzVwZvQ0zyYUs2o5yETu3Jp/esWWVYWMa0cX5rAkte66HlHHyMUF495TIQhzGYzbIIoWH4nDlOv1jaZ/++qpo/vXJOoiCOzqnX8qEJOcWf++OE7HLn4p3jXyk8ikZ9PSMbXl5IP8WXGMRPqfmPQiEGrAuVmN+FdMayBqadFrOnD0DlWBv/S78iG6L3+/0eHGmm1cdJPzrOnyBhFQc/DhcbFlvlp5T+zvXDpP3kN5HXxRxofo0M1Y/eD82Q==
Received: from DB8P191CA0025.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:130::35)
by AS8P195MB2099.EURP195.PROD.OUTLOOK.COM (2603:10a6:20b:56a::8) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.25; Sat, 16 Mar
2024 16:39:19 +0000
Received: from DB1PEPF000509FA.eurprd03.prod.outlook.com
(2603:10a6:10:130:cafe::93) by DB8P191CA0025.outlook.office365.com
(2603:10a6:10:130::35) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.23 via Frontend
Transport; Sat, 16 Mar 2024 16:39:12 +0000
X-MS-Exchange-Authentication-Results: spf=temperror (sender IP is
2001:67c:2564:a187::2:73) smtp.mailfrom=alumni.itc.nl; dkim=pass (signature
was verified) header.d=alumni.itc.nl;dmarc=pass action=none
header.from=alumni.itc.nl;
Received-SPF: TempError (protection.outlook.com: error in processing during
lookup of alumni.itc.nl: DNS Timeout)
Received: from mail.ad.utwente.nl (130.89.9.12) by
DB1PEPF000509FA.mail.protection.outlook.com (10.167.242.36) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7386.12 via Frontend Transport; Sat, 16 Mar 2024 16:39:11 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
s=s2048; d=alumni.itc.nl;
h=from:subject:date:message-id:content-type:mime-version:to;
bh=0z1Et3hhVohRXtLPQRcHvEruzS6ydj0s9eHlBjyrDt0=;
b=kcHZ1O/g5wSUKP178l/ImfeJnOosDmU6Ec+gKTx4luWaGIbIvx+EY+5q1aWsVj
vPKlmufW6b3D7NoFCGcyGrGv9P+sYmvZS9eGiXESVZx4YkwCcLA3YzzyI3b2of
9vykJ3JrmK1nDK2QgYn3RMpopTCvt6FY8TgoZIvgbnUyO+c61elnbGmF3SVvJ4
eRB2Z5xkEWHsqL0nM7y2PlEI34oCM8+c7zMttVP24sP/VJ2u8wYEXwcA6BfKET
QVZSsH5KPPSoKy6lKPsDC5DYzw4RvBzjuB9Usc+UBnD8ibjOaXIrwy65wkdaTI
tjK+FxvB1Q0NKdLZicXQdPNkP5IfUDrA==
Received: from exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) by
mail.ad.utwente.nl (2001:67c:2564:a187::2:161) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1544.9; Sat, 16 Mar 2024 17:39:11 +0100
Received: from exmrs72.ad.utwente.nl (2001:67c:2564:a187::2:72) by
exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1544.9; Sat, 16 Mar 2024 17:39:11 +0100
Received: from exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d]) by
exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d%16]) with mapi id
15.02.1544.009; Sat, 16 Mar 2024 17:39:10 +0100
From: Yaseen Taha Mustafa
Subject: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
Thread-Topic: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
Thread-Index: AQHad8B4+dsqXvqKoECr+owfEV5Wxw==
Date: Sat, 16 Mar 2024 16:39:10 +0000
Message-ID: <00acc761d28244a69d3766f458cd6d58@alumni.itc.nl>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.89.9.62]
Content-Type: multipart/alternative;
boundary="_000_00acc761d28244a69d3766f458cd6d58alumniitcnl_"
MIME-Version: 1.0
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-Exchange-SkipListedInternetSender:
ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl
X-MS-Exchange-ExternalOriginalInternetSender:
ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB1PEPF000509FA:EE_|AS8P195MB2099:EE_
X-MS-Office365-Filtering-Correlation-Id: 0b9256dd-75cd-45d6-573c-08dc45d79c23
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
oEGQZeUh5E0hC+Whr8qso5rUD3bh1lr1lDWA+ARBtOgVWadr+UCgDNTIILtVUwQxEJt4M86MgZStwQEhYyTDGxkZImf9vw0oIU5Lrss55uIfuc3QzndGM4uKu6ONNqNbApc5/aCFhof02s+9MjcknFZq1IgQH66q0D9p/PjIvrTSuyZ+GxO6LDbdb/quY2fItVWuJj3fGMhcVCKbQKvZ68ysxPsyieTx25thJfw8+qLp03YgZhWFMPPrgBv5d5QYUuxkLrRCyz6FwL2/mcM36yDrlxQ214FVwmNH1C16o39dQ2gGUdb7cYcDyZK1cGE4QLqSbiQTOvOF32FQC2IPb12fxwNfrNM4OLzhVVPnPjkuxrab9ssRpd0Mvjqa+outakbDS+Hg9EU7llq2+pKboLcwyzi+nCut85lYd5niJ9R7zuoYafsmAS1TaGTWypJmQxLoJqDNHZcH95/phSFIVu/YYsoG5QYM041vss7HeRwG+GByQqq7Pe5IhDnq7+i3khMJqYosQ2Q5aDkPQllaAzzQzpC5JyJ/V1kfi6aY+acUMBmw9lf+U52TbBrmfsN/
X-Forefront-Antispam-Report:
CIP:130.89.9.12;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:exmrs73.ad.utwente.nl;PTR:exmrs73.ad.utwente.nl;CAT:NONE;SFS:(13230031)(82310400014)(36860700004)(32650700005)(7416005)(1800799015)(376005);DIR:OUT;SFP:1102;
X-OriginatorOrg: alumni.itc.nl
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2024 16:39:11.6958
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0b9256dd-75cd-45d6-573c-08dc45d79c23
X-MS-Exchange-CrossTenant-Id: 723246a1-c3f5-43c5-acdc-43adb404ac4d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=723246a1-c3f5-43c5-acdc-43adb404ac4d;Ip=[130.89.9.12];Helo=[mail.ad.utwente.nl]
X-MS-Exchange-CrossTenant-AuthSource:
DB1PEPF000509FA.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P195MB2099
X-Spam_score: 10.2
X-Spam_score_int: 102
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (10.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[40.107.13.138 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[40.107.13.138 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 ARC_VALID Message has a valid ARC signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 ARC_SIGNED Message has a ARC signature
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable
0.0 LOTS_OF_MONEY Huge... sums of money
3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
--_000_00acc761d28244a69d3766f458cd6d58alumniitcnl_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
--_000_00acc761d28244a69d3766f458cd6d58alumniitcnl_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
1">
-family:Calibri,Helvetica,sans-serif;" dir=3D"ltr">
Envelope-to: dave@nk.ca
Delivery-date: Sat, 16 Mar 2024 10:42:00 -0600
Received: from mail-he1eur01on2138.outbound.protection.outlook.com ([40.107.13.138]:14065 helo=EUR01-HE1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rlX64-00000000LOX-0PkC
for dave@nk.ca;
Sat, 16 Mar 2024 10:41:32 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=QgUqdnrapwkYJBZuaumS3Ph80KLYAQMp3Ds82Wf4jfLsoKBI00JCdDF4Rw8TGGaBbQmIa8smSOWdQBUgkK2pPqT3/dPaEyG4DIoRrjq69WPpSWkngYOaQB+RLDVB1TgAAGbOvP/p6Dy0IVsGOjPaRkiI/C/LOcyMqGMZLg/+Oy5zcV+lls+Zrg5ww91lCuFCTt7V56K0Q3jY9QdIwR7b0ExuMFkfsekW2F9AFcuVW0yl2rV/9ivnlE8JjFWtEvUi1HKBM7zj6JRZ+eIbmfERUV+QjiMMAirb3FsvpQj4YOoeIPiImh8J6OgaG1rrRuFfdC9J6BxdyQKncgIwTEungg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=0z1Et3hhVohRXtLPQRcHvEruzS6ydj0s9eHlBjyrDt0=;
b=oIFsQnlS7uKH4JBAgcE6sl5rTe362hAKhuKgIAzZ4dDENRo9Ee7h6OkZ6Z721Ap3Xv16cPhBWdhC6NqWpg1FOR5EPv0JthXfJBJw1nX4a4TmwDtQsn90dq8//qcaXNvc3gBw09uW6Ei4ELQnrdEgNAOHuglECOBgzzamFaVsGISfv2W0e0XAToN8pHNe+L3rQv6hTwGyO+6ZWCRYRnY1QsAqvqrYvnD2wQz/ufWGzSs4XY9VdynJYppei0yvDMx+ewI/gVkKbuATsTtXicpA8lzj0x3Q9l7aksU/Yl5vBik593tOdCD/BdIujO4kh2yZwPQ54sqxTgawNJLR7WZDtA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=temperror (sender ip
is 2001:67c:2564:a187::2:73) smtp.rcpttodomain=q.com
smtp.mailfrom=alumni.itc.nl; dmarc=pass (p=quarantine sp=quarantine pct=100)
action=none header.from=alumni.itc.nl; dkim=pass (signature was verified)
header.d=alumni.itc.nl; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alumni.itc.nl;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=0z1Et3hhVohRXtLPQRcHvEruzS6ydj0s9eHlBjyrDt0=;
b=ZdYv5xvZ5Ej+a84Ghj9xeUvQeJ7iAiPZHm99/eVUL2sOg6R4i+pruU2sSNnJ1oA+VY2EETTaj07WRyH5Hb5S464AIguauzVwZvQ0zyYUs2o5yETu3Jp/esWWVYWMa0cX5rAkte66HlHHyMUF495TIQhzGYzbIIoWH4nDlOv1jaZ/++qpo/vXJOoiCOzqnX8qEJOcWf++OE7HLn4p3jXyk8ikZ9PSMbXl5IP8WXGMRPqfmPQiEGrAuVmN+FdMayBqadFrOnD0DlWBv/S78iG6L3+/0eHGmm1cdJPzrOnyBhFQc/DhcbFlvlp5T+zvXDpP3kN5HXxRxofo0M1Y/eD82Q==
Received: from DB8P191CA0025.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:130::35)
by AS8P195MB2099.EURP195.PROD.OUTLOOK.COM (2603:10a6:20b:56a::8) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.25; Sat, 16 Mar
2024 16:39:19 +0000
Received: from DB1PEPF000509FA.eurprd03.prod.outlook.com
(2603:10a6:10:130:cafe::93) by DB8P191CA0025.outlook.office365.com
(2603:10a6:10:130::35) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.23 via Frontend
Transport; Sat, 16 Mar 2024 16:39:12 +0000
X-MS-Exchange-Authentication-Results: spf=temperror (sender IP is
2001:67c:2564:a187::2:73) smtp.mailfrom=alumni.itc.nl; dkim=pass (signature
was verified) header.d=alumni.itc.nl;dmarc=pass action=none
header.from=alumni.itc.nl;
Received-SPF: TempError (protection.outlook.com: error in processing during
lookup of alumni.itc.nl: DNS Timeout)
Received: from mail.ad.utwente.nl (130.89.9.12) by
DB1PEPF000509FA.mail.protection.outlook.com (10.167.242.36) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7386.12 via Frontend Transport; Sat, 16 Mar 2024 16:39:11 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
s=s2048; d=alumni.itc.nl;
h=from:subject:date:message-id:content-type:mime-version:to;
bh=0z1Et3hhVohRXtLPQRcHvEruzS6ydj0s9eHlBjyrDt0=;
b=kcHZ1O/g5wSUKP178l/ImfeJnOosDmU6Ec+gKTx4luWaGIbIvx+EY+5q1aWsVj
vPKlmufW6b3D7NoFCGcyGrGv9P+sYmvZS9eGiXESVZx4YkwCcLA3YzzyI3b2of
9vykJ3JrmK1nDK2QgYn3RMpopTCvt6FY8TgoZIvgbnUyO+c61elnbGmF3SVvJ4
eRB2Z5xkEWHsqL0nM7y2PlEI34oCM8+c7zMttVP24sP/VJ2u8wYEXwcA6BfKET
QVZSsH5KPPSoKy6lKPsDC5DYzw4RvBzjuB9Usc+UBnD8ibjOaXIrwy65wkdaTI
tjK+FxvB1Q0NKdLZicXQdPNkP5IfUDrA==
Received: from exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) by
mail.ad.utwente.nl (2001:67c:2564:a187::2:161) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1544.9; Sat, 16 Mar 2024 17:39:11 +0100
Received: from exmrs72.ad.utwente.nl (2001:67c:2564:a187::2:72) by
exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1544.9; Sat, 16 Mar 2024 17:39:11 +0100
Received: from exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d]) by
exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d%16]) with mapi id
15.02.1544.009; Sat, 16 Mar 2024 17:39:10 +0100
From: Yaseen Taha Mustafa
Subject: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
Thread-Topic: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
Thread-Index: AQHad8B4+dsqXvqKoECr+owfEV5Wxw==
Date: Sat, 16 Mar 2024 16:39:10 +0000
Message-ID: <00acc761d28244a69d3766f458cd6d58@alumni.itc.nl>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.89.9.62]
Content-Type: multipart/alternative;
boundary="_000_00acc761d28244a69d3766f458cd6d58alumniitcnl_"
MIME-Version: 1.0
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-Exchange-SkipListedInternetSender:
ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl
X-MS-Exchange-ExternalOriginalInternetSender:
ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB1PEPF000509FA:EE_|AS8P195MB2099:EE_
X-MS-Office365-Filtering-Correlation-Id: 0b9256dd-75cd-45d6-573c-08dc45d79c23
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
oEGQZeUh5E0hC+Whr8qso5rUD3bh1lr1lDWA+ARBtOgVWadr+UCgDNTIILtVUwQxEJt4M86MgZStwQEhYyTDGxkZImf9vw0oIU5Lrss55uIfuc3QzndGM4uKu6ONNqNbApc5/aCFhof02s+9MjcknFZq1IgQH66q0D9p/PjIvrTSuyZ+GxO6LDbdb/quY2fItVWuJj3fGMhcVCKbQKvZ68ysxPsyieTx25thJfw8+qLp03YgZhWFMPPrgBv5d5QYUuxkLrRCyz6FwL2/mcM36yDrlxQ214FVwmNH1C16o39dQ2gGUdb7cYcDyZK1cGE4QLqSbiQTOvOF32FQC2IPb12fxwNfrNM4OLzhVVPnPjkuxrab9ssRpd0Mvjqa+outakbDS+Hg9EU7llq2+pKboLcwyzi+nCut85lYd5niJ9R7zuoYafsmAS1TaGTWypJmQxLoJqDNHZcH95/phSFIVu/YYsoG5QYM041vss7HeRwG+GByQqq7Pe5IhDnq7+i3khMJqYosQ2Q5aDkPQllaAzzQzpC5JyJ/V1kfi6aY+acUMBmw9lf+U52TbBrmfsN/
X-Forefront-Antispam-Report:
CIP:130.89.9.12;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:exmrs73.ad.utwente.nl;PTR:exmrs73.ad.utwente.nl;CAT:NONE;SFS:(13230031)(82310400014)(36860700004)(32650700005)(7416005)(1800799015)(376005);DIR:OUT;SFP:1102;
X-OriginatorOrg: alumni.itc.nl
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2024 16:39:11.6958
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 0b9256dd-75cd-45d6-573c-08dc45d79c23
X-MS-Exchange-CrossTenant-Id: 723246a1-c3f5-43c5-acdc-43adb404ac4d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=723246a1-c3f5-43c5-acdc-43adb404ac4d;Ip=[130.89.9.12];Helo=[mail.ad.utwente.nl]
X-MS-Exchange-CrossTenant-AuthSource:
DB1PEPF000509FA.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P195MB2099
X-Spam_score: 10.2
X-Spam_score_int: 102
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (10.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[40.107.13.138 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[40.107.13.138 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 ARC_VALID Message has a valid ARC signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 ARC_SIGNED Message has a ARC signature
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable
0.0 LOTS_OF_MONEY Huge... sums of money
3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
--_000_00acc761d28244a69d3766f458cd6d58alumniitcnl_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
--_000_00acc761d28244a69d3766f458cd6d58alumniitcnl_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
1">
-family:Calibri,Helvetica,sans-serif;" dir=3D"ltr">
--_000_00acc761d28244a69d3766f458cd6d58alumniitcnl_--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments